artware_cms_project -- artware_cms
The ARTWARE CMS image upload function does not filter the type of uploaded files, which allows remote attackers to upload arbitrary files without logging in and then execute code without restriction.
Published: 2021-07-07 | CVE-2021-32538 | Source: CONFIRM

beardev -- joomsport
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and authenticated users, unserialises user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE.
Published: 2021-07-06 | CVE-2021-24384 | Source: CONFIRM
commscope -- ruckus_iot_controller
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
Published: 2021-07-07 | CVE-2021-33218 | Source: MISC, MISC

commscope -- ruckus_iot_controller
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
Published: 2021-07-07 | CVSS: 9 | CVE-2021-33217 | Source: MISC, MISC

commscope -- ruckus_iot_controller
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
Published: 2021-07-07 | CVSS: 7.5 | Source: MISC

commscope -- ruckus_iot_controller
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
Published: 2021-07-07 | CVSS: 7.5 | CVE-2021-33219 | Source: MISC, MISC

commscope -- ruckus_iot_controller
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.
Published: 2021-07-07 | CVE-2021-33216 | Source: MISC, MISC
djangoproject -- django
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Published: 2021-07-02 | CVE-2021-35042 | Source: MISC, CONFIRM, MISC, CONFIRM
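The Django entry above is one instance of a general hazard: an ORDER BY clause is part of the SQL text rather than a bindable value, so a client-supplied ordering is interpolated straight into the statement. The Python/sqlite3 example below is added here to show what that buys an attacker and what the fix looks like; it is not Django's code and does not reproduce the Django-specific vector. The schema, the secret value and the function names are constructed for the illustration.

```python
import sqlite3

# Constructed sample data for the demonstration; nothing here is taken from
# the bulletin or from Django.
SECRET = "s3cr3t-token"


def make_db() -> sqlite3.Connection:
    """Build an in-memory database: a users table the application lists, and a
    config table holding a value the client must never see."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        INSERT INTO users (id, name) VALUES (1, 'zed'), (2, 'amy'), (3, 'bob');
        CREATE TABLE config (secret TEXT NOT NULL);
        """
    )
    conn.execute("INSERT INTO config (secret) VALUES (?)", (SECRET,))
    return conn


def list_users_vulnerable(conn: sqlite3.Connection, order: str) -> list:
    """Vulnerable: ORDER BY is part of the statement text and cannot be bound
    as a parameter, so the request value is interpolated into the SQL."""
    rows = conn.execute(f"SELECT name FROM users ORDER BY {order}").fetchall()
    return [name for (name,) in rows]


# Allow-list: request value -> column name that is allowed to reach the SQL.
ALLOWED_ORDER = {"id": "id", "name": "name"}


def list_users_hardened(conn: sqlite3.Connection, order: str) -> list:
    """Hardened: the client picks a key from a fixed mapping; the direction is
    handled separately and only literals from this file reach the query."""
    descending = order.startswith("-")
    key = order[1:] if descending else order
    if key not in ALLOWED_ORDER:
        raise ValueError(f"unsupported ordering: {order!r}")
    sql = f"SELECT name FROM users ORDER BY {ALLOWED_ORDER[key]} " + (
        "DESC" if descending else "ASC"
    )
    return [name for (name,) in conn.execute(sql).fetchall()]


def hardened_rejects(conn: sqlite3.Connection, order: str) -> bool:
    """True if the hardened listing refuses the given ordering value."""
    try:
        list_users_hardened(conn, order)
    except ValueError:
        return True
    return False


def leak_secret(conn: sqlite3.Connection,
                alphabet: str = "abcdefghijklmnopqrstuvwxyz0123456789-") -> str:
    """Boolean oracle through the vulnerable listing: a CASE expression in the
    ORDER BY sorts by id when a guess about a prefix of the secret is right
    and by name when it is wrong, so the row order leaks one character per
    pass.  No error message or direct read of the config table is needed."""
    by_id = list_users_vulnerable(conn, "id")
    recovered = ""
    while True:
        for ch in alphabet:
            guess = recovered + ch
            payload = (
                "(CASE WHEN (SELECT substr(secret, 1, %d) FROM config) = '%s' "
                "THEN id ELSE name END)" % (len(guess), guess)
            )
            if list_users_vulnerable(conn, payload) == by_id:
                recovered = guess
                break
        else:
            return recovered  # no character extended the prefix: done


if __name__ == "__main__":
    db = make_db()
    print("leaked:", leak_secret(db))
    print("hardened rejects payload:",
          hardened_rejects(db, "(CASE WHEN 1 THEN id ELSE name END)"))
```

Running `leak_secret(make_db())` recovers the whole secret without an error message and without ever reading the config table directly; only the order of the returned names changes between guesses. The hardened variant never lets the request value near the query: it is a key into a fixed mapping, and the sort direction is a separate flag. Django's order_by accepts field names and expressions, so the same allow-list pattern applies there: resolve the client's choice to a known field name before calling order_by.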
just-safe-set_project -- just-safe-set
Prototype pollution vulnerability in 'just-safe-set' versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution.
Published: 2021-07-07 | CVE-2021-25952 | Source: MISC
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
kaseya -- vsa
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Published: 2021-07-09 | CVSS: 7.5 | CVE-2021-30116 | Source: MISC, MISC, MISC
mediawiki -- mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.
Published: 2021-07-02 | Source: MISC, MISC
mediawiki -- mediawiki
An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and so potentially fail to block or restrict a potentially nefarious user.
Published: 2021-07-02 | CVSS: 7.5 | Source: MISC
microsoft -- windows_10
Windows Print Spooler Remote Code Execution Vulnerability
Published: 2021-07-02 | CVSS: 9
ninjateam -- video_downloader_for_tiktok
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports and local network hosts, and execute commands on services.
Published: 2021-07-07 | CVSS: 7.5 | CVE-2020-24142 | Source: MISC
phplist -- phplist
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file. Uploading a malicious plugin that contains PHP files with extensions such as .php, .phtml or .php7 copies them to the plugins directory, which leads to remote code execution.
Published: 2021-07-06 | CVSS: 7.5 | CVE-2020-22249 | Source: MISC
profilepress -- wp-user-avatar
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3.
Published: 2021-07-07 | CVE-2021-34624 | Source: MISC

profilepress -- wp-user-avatar
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3.
Published: 2021-07-07 | CVE-2021-34621 | Source: MISC

profilepress -- wp-user-avatar
A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3.
Published: 2021-07-07 | CVE-2021-34623 | Source: MISC
qsan -- sanos
Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands.
Published: 2021-07-07 | CVE-2021-32529 | Source: CONFIRM

qsan -- sanos
The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions.
Published: 2021-07-07 | CVE-2021-32533 | Source: CONFIRM

qsan -- sanos
The QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions.
Published: 2021-07-07 | CVE-2021-32534 | Source: CONFIRM

qsan -- sanos
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator's permission and execute arbitrary functions.
Published: 2021-07-07 | CVE-2021-32535 | Source: CONFIRM

qsan -- sanos
Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges.
Published: 2021-07-07 | CVE-2021-32521 | Source: CONFIRM

qsan -- storage_manager
The same hard-coded password in QSAN Storage Manager's firmware allows remote attackers to access the control interface with the administrator's credential, entering the hard-coded password of the debug mode to execute the restricted system instructions.
Published: 2021-07-07 | CVSS: 9 | CVE-2021-32525 | Source: CONFIRM

qsan -- storage_manager
Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users' credentials and related permissions.
Published: 2021-07-07 | CVE-2021-32520 | Source: CONFIRM
qsan -- storage_manager
QuickInstall in QSAN Storage Manager does not filter special parameters properly, which allows remote unauthenticated attackers to inject and execute arbitrary commands.
Published: 2021-07-07 | CVE-2021-32512 | Source: CONFIRM

qsan -- storage_manager
QsanTorture in QSAN Storage Manager does not filter special parameters properly, which allows remote unauthenticated attackers to inject and execute arbitrary commands.
Published: 2021-07-07 | CVE-2021-32513 | Source: CONFIRM
qsan -- xevo
OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter.
Published: 2021-07-07 | CVE-2021-32530 | Source: CONFIRM

qsan -- xevo
OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions.
Published: 2021-07-07 | CVE-2021-32531 | Source: CONFIRM
record-like-deep-assign_project -- record-like-deep-assign
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.
Published: 2021-07-02 | CVE-2021-23402 | Source: CONFIRM, CONFIRM
splinterware -- system_scheduler_professional
Splinterware System Scheduler Professional version 5.30 is subject to an insecure folder permissions issue affecting the location from which the service 'WindowsScheduler' calls its executable. This allows a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System.
CVE-2021-31771 | Source: MISC, MISC, MISC
stockware -- motor
Lack of authentication or validation in the motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary PHP scripts found on the server file system. We found no vulnerability for uploading files with this theme, so any scripts to be executed must already be on the server file system.
Published: 2021-07-06 | CVE-2021-24375 | Source: MISC, CONFIRM
ts-nodash_project -- ts-nodash
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of input validation.
Published: 2021-07-02 | CVE-2021-23403
zyxel -- usg1900_firmware
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
Published: 2021-07-02 | CVE-2021-35029 | Source: MISC
Medium Vulnerabilities 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accusoft -- imagegear
An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2021-07-07 | CVSS: 6.8 | CVE-2021-21807 | Source: MISC
alpinelinux -- alpine_linux
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
CVSS: 4.3 | CVE-2021-36158 | Source: MISC
apache -- druid
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource.
CVE-2021-26920 | Source: MISC, MLIST, MLIST
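The Druid entry turns on a mismatch between a name and a capability: a source labelled "HTTP" hands the URL to a general-purpose opener, which also knows how to open file URLs, so the application-level restriction on which sources a user may name is not enforced by the thing that actually does the reading. The Python example below is added here to make that concrete; it is not Druid code (Druid is Java), and the file name and contents are constructed. Python's urllib opener reads file:// URLs out of the box, which is exactly the behaviour the naive fetcher inherits.

```python
import os
import tempfile
import urllib.request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def fetch_http_naive(url: str) -> bytes:
    """An 'HTTP' fetcher that delegates to a general-purpose URL opener.  The
    opener understands more than http, so the function's name says nothing
    about what it will actually read."""
    with urllib.request.urlopen(url) as resp:
        return resp.read()


def is_http_source(url: str) -> bool:
    """Allow-list on the parsed scheme and require a host.  Checking the
    parsed scheme (lower-cased) rather than a string prefix also catches
    'FILE:///', leading whitespace and bare filesystem paths."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def fetch_http_hardened(url: str) -> bytes:
    """Refuse anything that is not an absolute http(s) URL before opening it."""
    if not is_http_source(url):
        raise ValueError(f"refusing non-http(s) source: {url!r}")
    with urllib.request.urlopen(url.strip()) as resp:
        return resp.read()


def demo() -> dict:
    """Write a constructed local file standing in for something sensitive on
    the server, then ask both fetchers for it via a file:// URL."""
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".txt") as f:
        f.write("db_password=hunter2\n")  # constructed content, not real data
        path = f.name
    try:
        file_url = "file://" + path
        result = {"naive": fetch_http_naive(file_url).decode()}
        try:
            fetch_http_hardened(file_url)
            result["hardened"] = "allowed"
        except ValueError:
            result["hardened"] = "blocked"
        return result
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The hardened check tests the parsed scheme rather than a string prefix, so upper-case schemes, leading whitespace and bare paths are all rejected before anything is opened. The same allow-list has to hold for every redirect hop as well: an http URL that answers with a Location pointing at file:/// must not be followed, so check how the HTTP client you actually use treats cross-scheme redirects rather than assuming it refuses them.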
apache -- jena_fuseki
A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).
CVSS: 4.3 | CVE-2021-33192 | Source: MISC
chimpgroup -- foodbakery
The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2, did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
Published: 2021-07-06 | CVSS: 4.3 | CVE-2021-24389 | Source: CONFIRM
cminds -- cm_download_manager
Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.
Published: 2021-07-07 | CVSS: 4.3 | CVE-2020-24145 | Source: MISC, MISC
codemig -- wordpress_email_template_designer
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Published: 2021-07-07 | CVSS: 6.8 | CVE-2021-20779 | Source: MISC, MISC, MISC
commscope -- ruckus_iot_controller
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.
Published: 2021-07-07 | CVSS: 4 | Source: MISC

commscope -- ruckus_iot_controller
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
Published: 2021-07-07 | CVSS: 4.6 | Source: MISC
contempothemes -- real_estate_7
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated and authenticated user context.
Published: 2021-07-06 | CVSS: 4.3 | CVE-2021-24387 | Source: CONFIRM, MISC
deltaww -- dopsoft
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.
Published: 2021-07-02 | CVSS: 4.3 | CVE-2021-27455 | Source: MISC

deltaww -- dopsoft
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
Published: 2021-07-02 | CVSS: 6.8 | CVE-2021-27412 | Source: MISC
elecom -- wrc-300febk_firmware
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S, all versions, allow an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors.
Published: 2021-07-07 | CVE-2021-20739 | Source: MISC, MISC
export_users_with_meta_project -- export_users_with_meta
The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection.
Published: 2021-07-06 | CVSS: 6.5 | CVE-2021-24451 | Source: CONFIRM
flask-user_project -- flask-user
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple slashes or back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'.
Published: 2021-07-05 | CVSS: 5.8 | Source: MISC, MISC
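The Flask-User entry describes a check that keeps only the path of a parsed URL and trusts the result to be local. It fails because the server-side parser and the browser disagree about what '/////evil.com/path' or '\\evil.com/path' means. The Python example below is added to show the disagreement and a check that survives it; it mimics the pattern, not Flask-User's actual make_safe_url implementation, and the browser-side resolution is a simplified model of the WHATWG rules for the cases at hand, not a full URL parser.

```python
from urllib.parse import urlsplit


def make_safe_url_naive(url: str) -> str:
    """Keep only the path, query and fragment of the parsed URL, on the theory
    that dropping scheme and host leaves something relative to our own site.
    This mimics the pattern described in the entry; it is not Flask-User's
    actual implementation."""
    parts = urlsplit(url)
    safe = parts.path
    if parts.query:
        safe += "?" + parts.query
    if parts.fragment:
        safe += "#" + parts.fragment
    return safe


def browser_target_host(our_host: str, location: str) -> str:
    """Simplified model of how a browser resolves a non-absolute Location
    value (assumption: only the scheme-relative and path cases relevant here
    are modelled, not the full WHATWG URL parser).  Tabs and newlines are
    dropped, backslashes count as slashes, and two or more leading slashes
    mean 'scheme-relative', so the next segment is taken as the host."""
    loc = "".join(ch for ch in location.strip() if ch not in "\t\r\n")
    loc = loc.replace("\\", "/")
    if loc.startswith("//"):
        host = loc.lstrip("/").split("/", 1)[0]
        return host or our_host
    return our_host


def is_safe_local_path(url: str) -> bool:
    """Hardened check: apply the same normalisation a browser does, then
    accept exactly one leading slash.  This rejects every scheme-relative
    spelling without relying on the server-side parser agreeing with the
    browser about where the host ends."""
    u = "".join(ch for ch in url.strip() if ch not in "\t\r\n")
    u = u.replace("\\", "/")
    return u.startswith("/") and not u.startswith("//")


def make_safe_url_hardened(url: str, fallback: str = "/") -> str:
    """Return the URL only if it is a local path; otherwise the fallback."""
    return url if is_safe_local_path(url) else fallback


if __name__ == "__main__":
    for attempt in ("/////evil.com/path", "\\\\evil.com/path", "/account"):
        naive = make_safe_url_naive(attempt)
        print(f"{attempt!r}: naive -> {naive!r}, browser goes to "
              f"{browser_target_host('app.example', naive)}, "
              f"hardened -> {make_safe_url_hardened(attempt)!r}")
```

The naive function returns '///evil.com/path' for the first input (urlsplit sees an empty authority and leaves the remaining slashes in the path) and the backslash form unchanged for the second; a browser turns either into a scheme-relative reference and lands on evil.com. Whether that happens in practice depends on what the WSGI server does with a relative Location header, which is the Werkzeug caveat in the entry. The hardened check normalises first and then insists on exactly one leading slash, so it does not depend on any server-side parser agreeing with the browser.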
fluentforms -- contact_form
The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions.
Published: 2021-07-07 | CVSS: 6.8 | CVE-2021-34620 | Source: MISC, MISC
fortinet -- fortiauthenticator
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
Published: 2021-07-06 | CVE-2021-24005 | Source: CONFIRM
gitlab -- gitlab
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.
Published: 2021-07-07 | CVSS: 4.3 | Source: CONFIRM, MISC

gitlab -- gitlab
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details.
CVE-2021-22253

gitlab -- gitlab
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link.
CVSS: 4.3 | CVE-2021-22223 | Source: CONFIRM, MISC, MISC

gitlab -- gitlab
A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it.
CVSS: 4.3 | CVE-2021-22227 | Source: MISC, CONFIRM, MISC

gitlab -- gitlab
An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using GraphQL.
Published: 2021-07-06 | CVSS: 4 | Source: MISC, MISC
gitlab -- gitlab
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE versions ... through 13.10.13 ... and 14.0.2.
Published: 2021-07-07 | CVSS: 6.5 | CVE-2021-22230 | Source: MISC

gitlab -- gitlab
Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9.
Published: 2021-07-06 | CVSS: 4.9 | CVE-2021-22226 | Source: MISC, CONFIRM

gitlab -- gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through a project fork done by a project member.
Published: 2021-07-06 | CVSS: 4.3 | CVE-2021-22229 | Source: MISC, CONFIRM

gitlab -- gitlab
A denial of service in the user's profile page is found starting with GitLab CE/EE 8.0 that allows an attacker to reject access to their profile page via a specially crafted username.
Published: 2021-07-07 | CVSS: 4 | Source: MISC, CONFIRM
google -- chrome
Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-07-02 | CVSS: 6.8 | Source: MISC, GENTOO

google -- chrome
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30557 | Source: MISC, MISC, GENTOO

google -- chrome
Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.
Published: 2021-07-02 | CVSS: 6.8 | CVE-2021-30555 | Source: MISC, MISC, GENTOO

google -- chrome
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: 2021-07-02 | CVSS: 6.8 | Source: MISC, GENTOO
gvectors -- wpforo_forum
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such an issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control which is a replica of the legitimate one, asking them to re-enter their credentials (which will then be in the attacker's hands).
Published: 2021-07-06 | CVSS: 5.8 | CVE-2021-24406 | Source: CONFIRM
ibm -- guardium_data_encryption
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.
Published: 2021-07-07 | CVSS: 5 | CVE-2021-20379 | Source: CONFIRM, XF

ibm -- guardium_data_encryption
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.
Published: 2021-07-07 | CVSS: 5

ibm -- guardium_data_encryption
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.
Published: 2021-07-07 | CVSS: 5 | CVE-2021-20416 | Source: CONFIRM, XF

ibm -- guardium_data_encryption
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219.
Published: 2021-07-07 | CVSS: 4 | CVE-2021-20417 | Source: CONFIRM, XF

ibm -- guardium_data_encryption
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 do not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709.
Published: 2021-07-07 | CVSS: 6.5 | Source: CONFIRM, XF
icewarp -- webclient
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
Published: 2021-07-07 | CVSS: 4.3 | CVE-2020-25925 | Source: MISC
izsoft -- easy_cookies_policy
The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated user (such as a subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings page, leading to a Stored Cross-Site Scripting issue.
Published: 2021-07-06 | CVSS: 4 | CVE-2021-24405
j2global -- myfax
myFax version 229 logs sensitive information in the export log module, which allows any user to access critical information.
Published: 2021-07-07 | CVSS: 4 | CVE-2020-24038 | Source: MISC, MISC
joomla -- joomla!
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to an XSS vulnerability.
Published: 2021-07-07 | CVSS: 4.3

joomla -- joomla!
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.
Published: 2021-07-07 | CVSS: 4.3

joomla -- joomla!
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
Published: 2021-07-07

joomla -- joomla!
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
Published: 2021-07-07 | CVSS: 5 | CVE-2021-26037 | Source: MISC

joomla -- joomla!
An issue was discovered in Joomla! 2.5.0 through 3.9.27. The Install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is limited to super users already.
CVE-2021-26038 | Source: MISC
linux -- acrn
ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.
CVSS: 5 | CVE-2021-36146 | Source: MISC

linux -- acrn
ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.
Published: 2021-07-02 | CVSS: 5 | CVE-2021-36143 | Source: MISC

linux -- acrn
An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used.
Published: 2021-07-02 | CVSS: 5

linux -- acrn
The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c.
Published: 2021-07-02 | CVSS: 5

linux -- acrn
The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.
CVSS: 5 | CVE-2021-36145 | Source: MISC

linux -- acrn
An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow.
Published: 2021-07-02 | CVSS: 6.8
linux -- linux_kernel
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through a user namespace.
Published: 2021-07-07 | CVSS: 4.6 | CVE-2021-22555 | Source: MISC, MISC, MISC
media_file_organizer_project -- media_file_organizer
Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation.
Published: 2021-07-07 | CVSS: 5 | CVE-2020-24144 | Source: MISC, MISC
mediawiki -- mediawiki
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.
Published: 2021-07-02 | CVSS: 4 | CVE-2021-36129 | Source: MISC, MISC

mediawiki -- mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).
Published: 2021-07-02 | CVSS: 5 | CVE-2021-36125 | Source: MISC, MISC

mediawiki -- mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).
Published: 2021-07-02 | CVSS: 4 | CVE-2021-36127 | Source: MISC, MISC

mediawiki -- mediawiki
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is still able to "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).
Published: 2021-07-02 | CVSS: 5 | CVE-2021-35197 | Source: CONFIRM, MISC

mediawiki -- mediawiki
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform.
Published: 2021-07-02 | CVSS: 6 | CVE-2021-36132 | Source: MISC, MISC
mikrotik -- routeros
Mikrotik RouterOS before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
Published: 2021-07-07 | CVSS: 4 | Source: FULLDISC

mikrotik -- routeros
Mikrotik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Published: 2021-07-07 | CVSS: 4 | Source: MISC

mikrotik -- routeros
Mikrotik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
Published: 2021-07-07 | CVSS: 4 | Source: MISC

mikrotik -- routeros
Mikrotik RouterOS 6.44.5 (long-term tree) suffers from a stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service by overloading the system's CPU.
Published: 2021-07-07 | CVSS: 4 | Source: MISC

mikrotik -- routeros
Mikrotik RouterOS 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Published: 2021-07-07 | CVSS: 4 | Source: MISC

mikrotik -- routeros
Mikrotik RouterOS 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
Published: 2021-07-07 | CVSS: 4 | CVE-2020-20211 | Source: MISC, MISC
misp -- misp
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.
Published: 2021-07-07 | CVSS: 4.3 | CVE-2021-36212 | Source: MISC, MISC
mooveagency -- import_xml_and_rss_feeds
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
Published: 2021-07-07 | CVSS: 6.4 | CVE-2020-24148 | Source: MISC, MISC
ninjateam -- video_downloader_for_tiktok
Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.
Published: 2021-07-07 | CVE-2020-24143 | Source: MISC
ninjarmm -- ninjarmm
The Agent in NinjaRMM 5.0.909 has Incorrect Access Control.
Published: 2021-07-07 | CVSS: 4.6 | CVE-2021-26273 | Source: MISC, MISC
nsa -- emissary
Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the RegisterPeerAction endpoint and the AddChildDirectoryAction endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources.
Published: 2021-07-02 | CVSS: 6.5 | Source: MISC, MISC
openvpn -- connect
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
Published: 2021-07-02 | CVSS: 4.4 | CVE-2021-3613 | Source: MISC

openvpn -- openvpn
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
Published: 2021-07-02 | CVSS: 4.4 | CVE-2021-3606 | Source: MISC, MISC
pexip -- pexip_infinity
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).
Published: 2021-07-07 | CVSS: 5 | CVE-2020-25868 | Source: MISC, CONFIRM

pexip -- pexip_infinity
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.
Published: 2021-07-07 | CVSS: 5 | CVE-2021-31925 | Source: MISC, CONFIRM
php-fusion -- php-fusion
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing an attacker to perform a session replay attack and impersonate the victim user.
Published: 2021-07-02 | CVSS: 6.5 | CVE-2020-23178 | Source: MISC

php-fusion -- php-fusion
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel.
Published: 2021-07-02 | CVSS: 4.9 | CVE-2020-23182 | Source: MISC
profilepress -- wp-user-avatar
A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3.
Published: 2021-07-07 | CVSS: 6.5 | CVE-2021-34622 | Source: MISC
An integer overflow exists in pywin32 prior to version b301 when 
adding an access control entry (ACE) to an access control list CVE-2021-32559 
pywin32_project -- pywin32 (ACL) that would cause the size to be greater than 65535 bytes. || 2021-07-06 4 MISC 
An attacker who successfully exploited this vulnerability could MISC 
crash the vulnerable process. 
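Added example (not part of the CISA bulletin, and not pywin32's own code) illustrating why "greater than 65535 bytes" is the limit in the pywin32 entry above: the AclSize field in the Windows ACL header is a 16-bit WORD, so a builder that keeps a running total in a wider integer and checks it before appending can refuse the ACE that would push the total past 0xFFFF, instead of letting the header value wrap. The wire layouts for ACL, ACE and SID are the documented Win32 structures; the class and function names are this example's own.

```python
import struct

# Windows ACL / ACE / SID wire layouts (little-endian, as laid out in the Win32 SDK headers).
ACL_REVISION = 2
ACL_HEADER_LEN = 8          # AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2)
ACE_HEADER_LEN = 4          # AceType(1) AceFlags(1) AceSize(2)
ACCESS_MASK_LEN = 4
ACCESS_ALLOWED_ACE_TYPE = 0x00
MAX_ACL_SIZE = 0xFFFF       # AclSize is a WORD: a larger ACL cannot be described


def build_sid(identifier_authority: int, *sub_authorities: int) -> bytes:
    """SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian)
    followed by 1..15 little-endian 32-bit sub-authorities."""
    if not 1 <= len(sub_authorities) <= 15:
        raise ValueError("a SID carries between 1 and 15 sub-authorities")
    return (struct.pack("<BB", 1, len(sub_authorities))
            + identifier_authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in sub_authorities))


def build_access_allowed_ace(access_mask: int, sid: bytes, ace_flags: int = 0) -> bytes:
    """ACCESS_ALLOWED_ACE: ACE_HEADER, 32-bit ACCESS_MASK, then the SID."""
    size = ACE_HEADER_LEN + ACCESS_MASK_LEN + len(sid)
    return struct.pack("<BBHI", ACCESS_ALLOWED_ACE_TYPE, ace_flags, size, access_mask) + sid


def truncated_acl_size(true_size: int) -> int:
    """What AclSize would hold if the running total were stored with no bounds check:
    the value wraps modulo 2**16 (for instance 65548 -> 12), so the header then
    describes a tiny ACL while the real data is much longer."""
    return true_size & 0xFFFF


class Acl:
    """ACL builder that tracks its size in a full-width Python int and refuses to grow
    past what the 16-bit AclSize field can represent."""

    def __init__(self) -> None:
        self._aces: list[bytes] = []
        self.size = ACL_HEADER_LEN

    def add_ace(self, ace: bytes) -> None:
        declared = struct.unpack_from("<H", ace, 2)[0]
        if declared != len(ace):
            raise ValueError("AceSize does not match the ACE length")
        # The missing check: compare before the 16-bit field is ever written.
        if self.size + declared > MAX_ACL_SIZE:
            raise OverflowError(
                f"ACL would grow to {self.size + declared} bytes, above {MAX_ACL_SIZE}")
        self._aces.append(ace)
        self.size += declared

    def to_bytes(self) -> bytes:
        header = struct.pack("<BBHHH", ACL_REVISION, 0, self.size, len(self._aces), 0)
        return header + b"".join(self._aces)


def parse_acl_header(data: bytes) -> tuple[int, int]:
    """Return (AclSize, AceCount) from a serialised ACL."""
    _rev, _sbz1, acl_size, ace_count, _sbz2 = struct.unpack_from("<BBHHH", data, 0)
    return acl_size, ace_count


if __name__ == "__main__":
    everyone = build_sid(1, 0)                      # S-1-1-0 (World)
    ace = build_access_allowed_ace(0x001F01FF, everyone)
    acl = Acl()
    added = 0
    try:
        while True:
            acl.add_ace(ace)
            added += 1
    except OverflowError as exc:
        print(f"stopped after {added} ACEs: {exc}")
```

With a 20-byte "Everyone" ACE the builder accepts 3276 entries (8 + 3276 * 20 = 65528 bytes) and rejects the 3277th, whose unchecked total of 65548 would have been stored as 12.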
qsan -- storage_manager, xevo, sanos
  Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users' credentials and obtain access via a brute force attack.
  Published: 2021-07-07 | CVSS: 5 | CVE-2021-32522 | CONFIRM

qsan -- storage_manager, xevo, sanos
  Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash.
  Published: (illegible in source) | CVSS: 5 | CVE-2021-32519 | CONFIRM
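Added example (not from the bulletin or from QSAN) covering the two entries above together: an unsalted MD5 digest falls to a dictionary attack in microseconds, whereas a salted, iterated PBKDF2-HMAC-SHA256 hash makes each guess cost a configurable amount of work; and a per-account lockout caps how many online guesses an attacker gets before the account is frozen. The wordlist, usernames and passwords are constructed for the demonstration; the throttle takes an injectable clock purely so the lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Iterable, Optional

PBKDF2_ITERATIONS = 600_000   # chosen so one verification costs a noticeable fraction of a second


def md5_password_hash(password: str) -> str:
    """The weak scheme from the advisory: unsalted MD5, cheap to brute-force offline."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_md5(digest: str, candidates: Iterable[str]) -> Optional[str]:
    """Dictionary attack against an unsalted MD5 digest; returns the matching password."""
    for word in candidates:
        if hmac.compare_digest(md5_password_hash(word), digest):
            return word
    return None


def hash_password(password: str, *, iterations: int = PBKDF2_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored self-describing so the cost can be raised later."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# Hash verified for unknown usernames so that a missing account costs the same time.
DUMMY_HASH = hash_password(os.urandom(8).hex())


class LoginThrottle:
    """Per-account lockout: after max_failures consecutive failures the account is
    refused for lockout_seconds. `clock` is injectable for testing."""

    def __init__(self, max_failures: int = 5, lockout_seconds: float = 900,
                 clock=time.monotonic) -> None:
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._clock = clock
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}

    def is_locked(self, username: str) -> bool:
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self._clock() >= until:          # lockout expired: start a fresh window
            del self._locked_until[username]
            self._failures.pop(username, None)
            return False
        return True

    def record_failure(self, username: str) -> None:
        n = self._failures.get(username, 0) + 1
        self._failures[username] = n
        if n >= self.max_failures:
            self._locked_until[username] = self._clock() + self.lockout_seconds

    def record_success(self, username: str) -> None:
        self._failures.pop(username, None)
        self._locked_until.pop(username, None)


def attempt_login(users: Dict[str, str], throttle: LoginThrottle,
                  username: str, password: str) -> str:
    """Returns 'locked', 'ok' or 'denied'. The lockout check runs before any hashing,
    so a locked account costs the attacker nothing but also yields nothing."""
    if throttle.is_locked(username):
        return "locked"
    stored = users.get(username)
    matched = verify_password(stored if stored is not None else DUMMY_HASH, password)
    if stored is not None and matched:
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username)
    return "denied"
```

The demonstration wordlist in the test below recovers an MD5-hashed password immediately, while the PBKDF2 hash only answers yes or no to a full verification, and three wrong guesses lock the constructed "admin" account until the window passes.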
qsan -- storage_manager
  Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device.
  Published: 2021-07-07 | CVSS: 5 | CVE-2021-32514 | CONFIRM

qsan -- storage_manager
  Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files by injecting a file path into the download function.
  Published: 2021-07-07 | CVSS: 5 | CVE-2021-32527 | CONFIRM

qsan -- storage_manager
  Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain system information without permissions.
  Published: 2021-07-07 | CVSS: 5 | CVE-2021-32528 | CONFIRM

qsan -- storage_manager
  Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands.
  Published: (illegible in source) | CVSS: (illegible in source) | CVE-2021-32524 | CONFIRM

qsan -- storage_manager
  A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link and then access arbitrary files.
  Published: 2021-07-07 | CVSS: 5 | CVE-2021-32518 | CONFIRM

qsan -- storage_manager
  Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter.
  Published: 2021-07-07 | CVSS: 4 | CVE-2021-32507 | CONFIRM

qsan -- storage_manager
  Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using a particular parameter of the download function.
  Published: 2021-07-07 | CVSS: 5 | CVE-2021-32517 | CONFIRM

qsan -- storage_manager
  Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter.
  Published: 2021-07-07 | CVSS: 4 | CVE-2021-32506 | CONFIRM

qsan -- storage_manager
  Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers to access arbitrary files by injecting a symbolic link following the Url path parameter.
  Published: 2021-07-07 | CVSS: 4 | CVE-2021-32508 | CONFIRM

qsan -- storage_manager
  Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers to access arbitrary files by injecting a symbolic link following the Url path parameter.
  Published: 2021-07-07 | CVSS: 4 | CVE-2021-32509 | CONFIRM

qsan -- storage_manager
  Directory listing vulnerability in the antivirus function of QSAN Storage Manager allows remote authenticated attackers to list arbitrary directories by injecting the file path parameter.
  Published: 2021-07-07 | CVSS: 4 | CVE-2021-32510 | CONFIRM

qsan -- storage_manager
  Directory listing vulnerability in ViewBroserList in QSAN Storage Manager allows remote authenticated attackers to list arbitrary directories via the file path parameter.
  Published: 2021-07-07 | CVSS: 4 | CVE-2021-32511 | CONFIRM

qsan -- storage_manager
  Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files.
  Published: 2021-07-07 | CVSS: 4 | CVE-2021-32526 | CONFIRM

qsan -- storage_manager
  Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files.
  Published: (illegible in source) | CVSS: 5 | CVE-2021-32516 | CONFIRM

qsan -- storage_manager
  Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information.
  Published: 2021-07-07 | CVSS: 5 | CVE-2021-32515 | CONFIRM

qsan -- storage_manager
  Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands.
  Published: 2021-07-07 | CVSS: 6.5 | CVE-2021-32523 | CONFIRM

qsan -- xevo
  Path traversal vulnerability in the back-end analysis function of QSAN XEVO allows remote attackers to download arbitrary files without permissions.
  Published: 2021-07-07 | CVSS: 5 | (CVE ID illegible in source) | CONFIRM

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e7c8b3
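Added example, not taken from the bulletin or from QSAN's software, that shows the single check the run of QSAN Storage Manager entries above (path traversal, absolute path traversal, symbolic-link following, and directory listing through a download function) are all missing: resolve the untrusted path through the real filesystem, including any symbolic links, and only then decide whether the result is a regular file inside the share root. The share layout, file names and the "secret" file outside the share are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Tuple


def resolve_download_path(root: Path, requested: str) -> Path:
    """Map an untrusted path parameter onto a file under `root`, or raise PermissionError.

    Rejects absolute paths outright, resolves '..' segments and symbolic links against
    the real filesystem, and then requires the resolved target to sit inside the
    resolved root and to be a regular file, so the same entry point cannot be turned
    into a directory lister."""
    root_real = root.resolve(strict=True)
    if not requested or os.path.isabs(requested) or requested.startswith(("/", "\\")):
        raise PermissionError(f"absolute path rejected: {requested!r}")
    try:
        target = (root_real / requested).resolve(strict=True)   # follows symlinks
    except OSError as exc:
        raise PermissionError(f"path does not resolve: {requested!r}") from exc
    if target != root_real and root_real not in target.parents:
        raise PermissionError(f"escapes the share root: {requested!r} -> {target}")
    if not target.is_file():
        raise PermissionError(f"not a regular file: {requested!r}")
    return target


def is_download_allowed(root: Path, requested: str) -> bool:
    try:
        resolve_download_path(root, requested)
        return True
    except PermissionError:
        return False


def build_demo_tree(base: Path) -> Tuple[Path, Path]:
    """Constructed fixture: a share root holding one legitimate file and a symlink that
    points at a file outside the share. Returns (share_root, secret_file)."""
    share = base / "share"
    (share / "reports").mkdir(parents=True)
    (share / "reports" / "q2.txt").write_text("quarterly report\n")
    secret = base / "private" / "passwd"
    secret.parent.mkdir()
    secret.write_text("root:x:0:0:root:/root:/bin/sh\n")
    os.symlink(secret, share / "reports" / "link_to_passwd")
    return share, secret


def run_demo() -> Dict[str, bool]:
    """Exercise the check against the fixture; returns a label -> allowed mapping."""
    with tempfile.TemporaryDirectory() as tmp:
        share, secret = build_demo_tree(Path(tmp))
        requests = {
            "legit": "reports/q2.txt",
            "dot_segment": "reports/./q2.txt",
            "dotdot": "../private/passwd",            # classic traversal
            "absolute": str(secret),                   # absolute path to the secret
            "symlink": "reports/link_to_passwd",       # link that leaves the share
            "directory": "reports",                    # would become a listing
            "dotdot_inside": "reports/../reports/q2.txt",
        }
        return {label: is_download_allowed(share, path) for label, path in requests.items()}


if __name__ == "__main__":
    for label, allowed in run_demo().items():
        print(f"{label:14s} {'allowed' if allowed else 'rejected'}")
```

Checking the string for ".." before resolution is not enough on its own: the symlink case contains no dots at all and only fails because the link target is resolved before the containment test.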
7/12/2021 Vulnerability Summary for the Week of July 5, 2021 
rocket.chat -- rocket.chat
  The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
  Published: 2021-07-05 | CVSS: 5 | CVE-2020-26763 | MISC

sitasoftware -- azurcms
  A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.
  Published: 2021-07-02 | CVSS: 6.5 | CVE-2021-27950 | MISC, MISC, MISC, MISC

smashing_project -- smashing
  Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies; depending on the user environment (e.g. if internal URLs are re-used for deploying, or cookies are very permissive), private information may be retrieved by the attacker.
  Published: 2021-07-06 | CVSS: 4.3 | CVE-2021-35440 | MISC, MISC, MISC

tcl -- tcl
  ** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.
  Published: 2021-07-05 | CVSS: 6.8 | CVE-2021-35331 | MISC, MISC, MISC, MISC

teradici -- pcoip_management_console
  In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into the user's browser via the Web application.
  Published: 2021-07-07 | CVSS: 4.3 | CVE-2021-35451 | MISC, MISC

Jannah (WordPress theme)
  The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.
  Published: (illegible in source) | CVSS: 4.3 | CVE-2021-24407 | CONFIRM

webkitgtk -- webkitgtk
  A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of WebKit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.
  Published: (illegible in source) | CVSS: 6.8 | CVE-2021-21775 | MISC

wp-currency -- wordpress_currency_switcher
  Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
  Published: 2021-07-07 | CVSS: 6.8 | CVE-2021-20780 | MISC, MISC, MISC

wp-downloadmanager_project -- wp-download_manager
  Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports and local network hosts, and execute commands on services.
  Published: 2021-07-07 | CVSS: 5 | CVE-2020-24141 | MISC

wp-upload-restriction_project -- wp-upload-restriction
  A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior.
  Published: 2021-07-07 | CVSS: 4 | CVE-2021-34626 | MISC

zimbra -- collaboration
  An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).
  Published: 2021-07-02 | CVSS: 5.8 | CVE-2021-34807 | MISC, MISC, MISC, MISC

zimbra -- collaboration
  An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of the X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).
  Published: 2021-07-02 | CVSS: 5.8 | CVE-2021-35209 | MISC, MISC, MISC, MISC
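Added example (not Zimbra's code and not part of the bulletin) for the two Zimbra entries above. Both are the same class of bug: a user-controlled destination (the X-Host header that replaces Host in a proxied request; the redirectURL parameter) that is acted on without being compared to an allowlist. The first function reproduces the described header precedence but validates whichever value is actually used; the second accepts only same-site redirect targets. The "*.example.com" wildcard syntax is this example's assumption, not a statement about how zimbraProxyAllowedDomains patterns are written; host names and headers are constructed.

```python
from typing import Iterable, Mapping
from urllib.parse import urlsplit


def host_matches(host: str, pattern: str) -> bool:
    """Exact match, or suffix match for an assumed '*.example.com' style pattern.
    The leading dot in the suffix is what stops 'evilexample.com' from matching."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]            # ".example.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def effective_upstream(headers: Mapping[str, str], allowed_patterns: Iterable[str]) -> str:
    """Choose the upstream host[:port] for a proxied request.

    Keeps the described precedence (X-Host, when present, replaces Host) but runs the
    allowlist check against the *effective* value, which is the check the advisory
    says was missing. Raises PermissionError when the target is not allowed."""
    effective = headers.get("X-Host") or headers.get("Host")
    if not effective:
        raise PermissionError("no Host/X-Host header")
    if effective.startswith("["):                       # bracketed IPv6 literal
        hostname = effective[1:effective.index("]")]
    elif effective.count(":") == 1:                      # host:port
        hostname = effective.rsplit(":", 1)[0]
    else:
        hostname = effective
    if not any(host_matches(hostname, p) for p in allowed_patterns):
        raise PermissionError(f"proxy target not in allowlist: {effective!r}")
    return effective


def upstream_allowed(headers: Mapping[str, str], allowed_patterns: Iterable[str]) -> bool:
    try:
        effective_upstream(headers, allowed_patterns)
        return True
    except PermissionError:
        return False


def is_safe_redirect(url: str, own_host: str) -> bool:
    """Accept only same-site targets: a path starting with a single '/', or an absolute
    https URL whose host is our own. Other hosts, protocol-relative '//evil', backslash
    tricks, userinfo tricks and non-http schemes such as javascript: are rejected."""
    if not url or "\\" in url:
        return False
    parts = urlsplit(url)
    if parts.scheme == "" and parts.netloc == "":
        return parts.path.startswith("/") and not parts.path.startswith("//")
    return (parts.scheme == "https"
            and parts.hostname is not None
            and parts.hostname == own_host.lower())


def choose_redirect(url: str, own_host: str, default: str = "/") -> str:
    """What a /preauth-style handler should do with redirectURL: use it only if safe."""
    return url if is_safe_redirect(url, own_host) else default
```

Note that validating the redirect target does not change the token requirement described in the entry; it removes the reason a stolen or leaked token would be worth using for phishing.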

zimbra -- collaboration
  An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url.
  Published: 2021-07-02 | CVSS: 4.3 | CVE-2021-35207 | MISC, MISC, MISC, MISC

zohocorp -- manageengine_adselfservice_plus
  Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
  Published: 2021-07-02 | CVSS: 4.3 | (CVE ID illegible in source) | MISC
cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module.
  Published: 2021-07-02 | CVE-2020-36412 | MISC

cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module.
  Published: 2021-07-02 | CVE-2020-36416 | MISC

cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.
  Published: 2021-07-02 | CVE-2020-36414 | MISC

cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.
  Published: 2021-07-02 | CVE-2020-36413 | MISC

cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module.
  Published: 2021-07-02 | CVE-2020-36411 | MISC

cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.
  Published: 2021-07-02 | CVE-2020-36410 | MISC

cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module.
  Published: 2021-07-02 | CVE-2020-36409 | MISC

cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
  Published: 2021-07-02 | CVE-2020-36408 | MISC

cmsmadesimple -- cms_made_simple
  A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.
  Published: 2021-07-02 | CVE-2020-36415 | MISC

deliciousbrains -- wp_offload_ses_lite
  The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin.
  Published: 2021-07-06 | CVE-2021-24494 | CONFIRM

e4j -- vikrentcar_car_rental_management
  In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom field option by which all the fields that users will have to fill in before saving an order can be managed. However, the field name is not sanitised or escaped before being output back in the page, leading to a Stored Cross-Site Scripting issue. There is also no CSRF check done before saving the setting, allowing attackers to make a logged in admin set arbitrary Custom Fields, including one with an XSS payload in it.
  Published: 2021-07-06 | CVE-2021-24388 | CONFIRM

getkirby -- kirby
  Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's ListItem component (used in the pages and files section, for example) displayed HTML in page titles as is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing the data provided from the frontend form.
  Published: 2021-07-02 | CVE-2021-32735 | CONFIRM, MISC
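Added example, not from the bulletin and not Kirby's or any other listed vendor's code, for the stored-XSS entries above (CMS Made Simple, WP Offload SES Lite, VikRentCar, and Kirby's ListItem, which "displayed HTML in page titles as is") and the attribute-context case in the Zimbra ZmMailMsgView entry further down this bulletin. The point is that output encoding is per context: element text, a quoted attribute value, a URL path segment and an inline JSON blob each need a different encoder, and escaping for one does not protect another. The renderer, markup and payloads are constructed; the audit helper uses the standard-library HTML parser to verify that no unintended tag or on* handler survives.

```python
import html
import json
import re
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import quote

SLUG_RE = re.compile(r"[^a-z0-9-]+")


def escape_text(value: str) -> str:
    """For element content (between tags): & < > encoded."""
    return html.escape(value, quote=False)


def escape_attr(value: str) -> str:
    """For a double-quoted attribute value: & < > " ' all encoded, so the value cannot
    close the quote early and start a new attribute such as onmouseover=..."""
    return html.escape(value, quote=True)


def slugify(value: str) -> str:
    """Reduce a title to a URL path segment; anything outside [a-z0-9-] is dropped."""
    slug = SLUG_RE.sub("-", value.lower()).strip("-")
    return quote(slug or "untitled", safe="")


def json_for_script(obj) -> str:
    """Embed data inside <script>: JSON with <, > and & encoded as \\uXXXX so a string
    containing '</script>' cannot terminate the block. Still valid JSON."""
    return (json.dumps(obj)
            .replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026"))


def parse_script_json(text: str):
    return json.loads(text)


def render_list_item_unsafe(title: str) -> str:
    """The pattern the Kirby entry describes: the title is interpolated as is."""
    return f'<li class="item"><a href="/pages/{title}" title="{title}">{title}</a></li>'


def render_list_item(title: str) -> str:
    """Each interpolation goes through the encoder for its own context."""
    return (f'<li class="item"><a href="/pages/{slugify(title)}" '
            f'title="{escape_attr(title)}">{escape_text(title)}</a></li>')


class _TagAudit(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.tags: List[str] = []
        self.event_handlers: List[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.event_handlers += [name for name, _ in attrs if name.lower().startswith("on")]


def audit_fragment(fragment: str) -> Dict[str, List[str]]:
    """Which tags and on* handlers does a browser-equivalent parse actually see?"""
    audit = _TagAudit()
    audit.feed(fragment)
    audit.close()
    return {"tags": audit.tags, "event_handlers": audit.event_handlers}


if __name__ == "__main__":
    for payload in ("<img src=x onerror=alert(1)>", '" onmouseover="alert(1)'):
        print("unsafe:", audit_fragment(render_list_item_unsafe(payload)))
        print("safe:  ", audit_fragment(render_list_item(payload)))
```

The second payload never contains a "<" at all; it only works against the attribute context, which is why escaping that strips tags from element text is not a fix for the Zimbra-style attribute injection.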
gitlab -- gitlab
  HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE.
  Published: 2021-07-06 | CVSS: 3.5 | CVE-2021-22232 | CONFIRM, MISC, MISC

gitlab -- gitlab
  Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially-crafted markdown.
  Published: 2021-07-07 | CVSS: 3.5 | CVE-2021-22225 | MISC, CONFIRM

irislink -- irisnext
  Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16 allow an authenticated (or compromised) user to inject malicious JavaScript in folder/file names within the application in order to grab other users' sessions or execute malicious code in their browsers (1-click RCE).
  Published: 2021-07-06 | CVSS: 3.5 | CVE-2021-27930 | MISC, MISC

issabel -- pbx
  A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.
  Published: 2021-07-06 | CVSS: 3.5 | CVE-2021-34190 | MISC, MISC

WP SVG images (WordPress plugin)
  The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning, as upload of such content is intended.
  Published: 2021-07-06 | CVSS: 3.5 | CVE-2021-24386 | CONFIRM

lavalite -- lavalite
  A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
  Published: (illegible in source) | CVSS: (illegible in source) | CVE-2020-36395 | MISC

lavalite -- lavalite
  A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
  Published: (illegible in source) | CVSS: 3.5 | CVE-2020-36397 | MISC

lavalite -- lavalite
  A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
  Published: (illegible in source) | CVSS: (illegible in source) | CVE-2020-36396 | MISC

mediawiki -- mediawiki
  An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users.
  Published: 2021-07-02 | CVSS: 3.5 | (CVE ID illegible in source) | MISC, MISC

mediawiki -- mediawiki
  An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.
  Published: 2021-07-02 | CVSS: 3.5 | CVE-2021-36131 | MISC, MISC

monstra -- monstra_cms
  Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the page feature in admin/index.php.
  Published: 2021-07-06 | CVSS: 3.5 | CVE-2020-23697 | MISC

ninjarmm -- ninjarmm
  The Agent in NinjaRMM 5.0.909 has Insecure Permissions.
  Published: 2021-07-07 | CVSS: 3.6 | CVE-2021-26274 | MISC, MISC

openexr -- openexr
  There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
  Published: 2021-07-06 | CVSS: 2.1 | CVE-2021-3598 | MISC, MISC

php-fusion -- php-fusion
  A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
  Published: (illegible in source) | CVSS: (illegible in source) | CVE-2020-23184 | MISC

php-fusion -- php-fusion
  A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
  Published: (illegible in source) | CVSS: 3.5 | CVE-2020-23185 | MISC

php-fusion -- php-fusion
  A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
  Published: 2021-07-02 | CVSS: 3.5 | CVE-2020-23181 | MISC
php-fusion -- php-fusion
  A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.
  Published: 2021-07-02 | CVSS: 3.5 | CVE-2020-23179 | MISC

phplist -- phplist
  Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.
  Published: 2021-07-06 | CVSS: 3.5 | CVE-2020-22251 | MISC

phplist -- phplist
  A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.
  Published: 2021-07-02 | CVSS: 3.5 | CVE-2020-36399 | MISC

phplist -- phplist
  A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
  Published: 2021-07-02 | CVSS: 3.5 | CVE-2020-36398 | MISC

phplist -- phplist
  A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
  Published: 2021-07-02 | CVSS: 3.5 | CVE-2020-23194 | MISC

phplist -- phplist
  A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
  Published: 2021-07-02 | CVSS: 3.5 | CVE-2020-23192 | MISC

phplist -- phplist
  A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
  Published: 2021-07-02 | CVSS: 2.5 | CVE-2020-23190 | MISC

sulu -- sulu
  Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
  Published: 2021-07-02 | CVSS: 2.5 | CVE-2021-32737 | CONFIRM, MISC, MISC

wp-upload-restriction_project -- wp-upload-restriction
  A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and prior.
  Published: 2021-07-07 | CVSS: 3.5 | CVE-2021-34625 | MISC

wp-upload-restriction_project -- wp-upload-restriction
  A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior.
  Published: 2021-07-07 | CVSS: 3.5 | CVE-2021-34627 | MISC





zimbra -- collaboration
  An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
  Published: 2021-07-02 | CVSS: 3.5 | CVE-2021-35208 | MISC, MISC, MISC, MISC
Severity Not Yet Assigned 
a-stage.inc -- sct-40cm01sr_and_at-40cm01sr
  Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.
  Published: 2021-07-07 | CVSS: not yet calculated | (CVE ID and source illegible in source)

accusoft -- imagegear
  An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
  Published: 2021-07-08 | CVSS: not yet calculated | (CVE ID and source illegible in source)

accusoft -- imagegear
  A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
  Published: 2021-07-08 | CVSS: not yet calculated | CVE-2021-21821 | MISC

accusoft -- imagegear
  An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
  Published: 2021-07-08 | CVSS: not yet calculated | (CVE ID and source illegible in source)

arcgis -- server_manager
  A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
  Published: 2021-07-10 | CVSS: not yet calculated | CVE-2021-29107 | CONFIRM

arcgis -- server
  A reflected Cross Site Scripting (XSS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the user's browser.
  Published: 2021-07-10 | CVSS: not yet calculated | CVE-2021-29106 | CONFIRM

aruba -- clearpass_policy_manager
  A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
  (This description appears seven times in the bulletin, for seven separate entries whose CVE IDs are not legible in the source.)
  Published: 2021-07-08 | CVSS: not yet calculated | MISC

aruba -- clearpass_policy_manager
  A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
  Published: 2021-07-08 | CVSS: not yet calculated | CVE-2021-29152 | MISC

aruba -- clearpass_policy_manager
  A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
  Published: 2021-07-08 | CVSS: not yet calculated | CVE-2021-29151 | MISC

aruba -- clearpass_policy_manager
  A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
  Published: 2021-07-08 | CVSS: not yet calculated | CVE-2021-29150 | MISC

aruba -- clearpass_policy_manager
  A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
  Published: 2021-07-08 | CVSS: not yet calculated | CVE-2021-34609 | MISC

autodesk -- autodesk
  A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.
  Published: 2021-07-09 | CVSS: not yet calculated | CVE-2021-27039 | MISC

autodesk -- autodesk
  A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability can be exploited by remote attackers to execute arbitrary code.
  Published: 2021-07-09 | CVSS: not yet calculated | (CVE ID illegible in source) | MISC

autodesk -- autodesk
  A heap-based buffer overflow could occur while parsing PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.
  Published: (illegible in source) | CVSS: not yet calculated | (CVE ID illegible in source) | MISC
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autodesk -- autodesk 


A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 
2012, 2011 can occur when processing a maliciously crafted 


PDF file. An attacker can leverage this to execute arbitrary code. 


2021-07-09 


; 


not yet 
calculated 


CVE-2021-27038 
MISC 





autodesk -- autodesk 


A maliciously crafted PDF, PICT or TIFF file can be used to write 
beyond the allocated buffer while parsing PDF, PICT or TIFF 
files in Autodesk 2018, 2017, 2013, 2012, 2011. This 
vulnerability can be exploited to execute arbitrary code. 


2021-07-09 


not yet 
calculated 


CVE-2021-27036 
MISC 








autodesk -- autodesk 


A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 
2018, 2017, 2013, 2012, 2011 can be forced to read beyond 
allocated boundaries when parsing the TIFF, PDF, PICT or DWF 
files. This vulnerability can be exploited to execute arbitrary 
code. 


2021-07-09 


not yet 
calculated 


CVE-2021-27035 
MISC 








autodesk -- design_review 


A Double Free vulnerability allows remote attackers to execute 
arbitrary code on PDF files within affected installations of 
Autodesk Design Review. User interaction is required to exploit 
this vulnerability in that the target must visit a malicious page or 
open a malicious file. 


2021-07-09 


not yet 
calculated 


CVE-2021-27033 
MISC 





baigo -- cms | A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter posted to /public/console/profile/info-submit/. | 2021-07-08 | not yet calculated | CVE-2020-20584 MISC MISC MISC MISC
blackcat_cms -- blackcat_cms | A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | 2021-07-09 | not yet calculated | CVE-2020-25878 MISC MISC
blackcat_cms -- blackcat_cms | A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | 2021-07-09 | not yet calculated | CVE-2020-25877 MISC MISC
cisco -- adaptive_security_device_manager | A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM. | 2021-07-08 | not yet calculated | CVE-2021-1585 CISCO
cisco -- asyncos | A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the web interface. An attacker could exploit this vulnerability by uploading crafted XML configuration files that contain scripting code to a vulnerable device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. An attacker would need a valid user account with the rights to upload configuration files to exploit this vulnerability. | 2021-07-08 | not yet calculated | CVE-2021-1359 CISCO
cisco -- broadworks_application_server | A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available. | 2021-07-08 | not yet calculated | CVE-2021-1562 CISCO
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cisco -- business_process_automation | Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator. | 2021-07-08 | not yet calculated | CVE-2021-1574 CISCO
cisco -- business_process_automation | Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator. | 2021-07-08 | not yet calculated | (CVE ID illegible) CISCO
cisco -- identity_services_engine | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | 2021-07-08 | not yet calculated | CVE-2021-1607 CISCO
cisco -- identity_services_engine | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | 2021-07-08 | not yet calculated | CVE-2021-1606 CISCO
cisco -- identity_services_engine | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | 2021-07-08 | not yet calculated | CVE-2021-1605 CISCO
cisco -- identity_services_engine | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | 2021-07-08 | not yet calculated | CVE-2021-1604 CISCO
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cisco -- identity_services_engine | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | 2021-07-08 | not yet calculated | CVE-2021-1603 CISCO
cisco -- video_surveillance_7000_series_ip_cameras | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2021-07-08 | not yet calculated | CVE-2021-1598 CISCO
cisco -- video_surveillance_7000_series_ip_cameras | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2021-07-08 | not yet calculated | CVE-2021-1597 CISCO
cisco -- video_surveillance_7000_series_ip_cameras | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2021-07-08 | not yet calculated | CVE-2021-1595 CISCO
cisco -- video_surveillance_7000_series_ip_cameras | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2021-07-08 | not yet calculated | CVE-2021-1596 CISCO
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exists that does not require client certificate authentication. The 
attacker must send an SNI specifying an unprotected backend 
and an HTTP Host header specifying a protected backend. 
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cisco -- virtualized_voice_browser | A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2021-07-08 | not yet calculated | CVE-2021-1575 CISCO
codoforum -- codoforum | A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. | 2021-07-09 | not yet calculated | CVE-2020-25879 MISC MISC
codoforum -- codoforum | A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Smiley Code' parameter. | 2021-07-09 | not yet calculated | CVE-2020-25875 MISC MISC
codoforum -- codoforum | A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Page Title' parameter. | 2021-07-09 | not yet calculated | CVE-2020-25876 MISC MISC
csz-cms -- csz-cms | A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. | 2021-07-09 | not yet calculated | CVE-2020-25391 MISC
csz-cms -- csz-cms | A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin. | 2021-07-09 | not yet calculated | CVE-2020-25392 MISC
(vendor cell illegible) | A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters. | 2021-07-09 | not yet calculated | CVE-2021-35358 MISC
dotAdmin/#/c/containers -- dotAdmin/#/c/containers | A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-07-09 | not yet calculated | (CVE ID illegible)
dotAdmin/#/c/containers -- dotAdmin/#/c/containers | A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-07-09 | not yet calculated | (CVE ID illegible)
eclipse -- tinydtls | Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. | 2021-07-08 | not yet calculated | (CVE ID illegible)
edgex -- foundry | EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client_id and client_secret required to obtain an OAuth2 authentication token are set to the username of the proxy user. A remote network attacker can then perform a dictionary-based password attack on the OAuth2 token endpoint of the API gateway to obtain an OAuth2 authentication token and use that token to make authenticated calls to EdgeX microservices from an untrusted network. OAuth2 is the default authentication method in the EdgeX Edinburgh release. The default authentication method was changed to JWT in Fuji and later releases. Users should upgrade to the EdgeX Ireland release to obtain the fix. The OAuth2 authentication method is disabled in the Ireland release. If unable to upgrade and OAuth2 authentication is required, users should create OAuth2 users directly using the Kong admin API and forgo the use of the "security-proxy-setup" tool to create OAuth2 users. | 2021-07-09 | not yet calculated | CVE-2021-32753 MISC CONFIRM
elecom -- multiple_products | WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. | 2021-07-07 | not yet calculated | CVE-2021-20738 MISC MISC
emissary-ingress -- emissary-ingress | Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., MTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. | 2021-07-09 | not yet calculated | (CVE ID illegible)
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7/12/2021 Vulnerability Summary for the Week of July 5, 2021
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ether_logs -- ether_logs | Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access. | 2021-07-09 | not yet calculated | CVE-2021-32752 CONFIRM MISC
fork -- fork_cms | Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. | 2021-07-07 | not yet calculated | CVE-2021-28931 MISC MISC
fortinet -- fortiap | An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. | 2021-07-09 | not yet calculated | (CVE ID illegible)
fortinet -- fortimail | Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 2021-07-09 | not yet calculated | CVE-2021-24007 CONFIRM
fortinet -- fortimail | A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. | 2021-07-09 | not yet calculated | (CVE ID illegible)
fortinet -- fortimail | A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible. | 2021-07-09 | not yet calculated | (CVE ID illegible)
fortinet -- fortimail | Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | 2021-07-09 | not yet calculated | (CVE ID illegible)
fortinet -- fortisandbox | A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. | 2021-07-09 | not yet calculated | CVE-2020-25014 CONFIRM
foxit -- reader | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled. | 2021-07-09 | not yet calculated | CVE-2021-33795 MISC
foxit -- reader | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary. | 2021-07-09 | not yet calculated | (CVE ID illegible)
google -- android | Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. | 2021-07-08 | not yet calculated | CVE-2021-25441 MISC
google -- android | Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 2021-07-07 | not yet calculated | CVE-2021-20777 MISC
hms -- ewon_ecatcher | In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation. | 2021-07-09 | not yet calculated | (CVE ID illegible) MISC MISC MISC
ibm -- app_connect_enterprise_certified_container | IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, … could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. | 2021-07-07 | not yet calculated | CVE-2021-29759 XF CONFIRM
ibm -- guardium_data_encryption | IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 2021-07-07 | not yet calculated | CVE-2021-20474 CONFIRM XF
ibm -- infosphere_information_server | … injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164. | 2021-07-09 | not yet calculated | CVE-2021-29730 XF CONFIRM
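The FortiMail signed-URL entry above (6.4.0 through 6.4.4 and 6.2.0 through 6.2.7, "tamper with signed URLs by appending further data") describes the textbook failure of a Merkle-Damgard hash used as a bare H(secret || message) tag: whoever holds a valid tag can extend the message and produce a valid tag for the extension without ever learning the secret. What follows is an added example and is not FortiMail's code or anything from the Fortinet advisory; the bulletin does not say which hash FortiMail uses, and MD5 is implemented from scratch here only because its compression function can be resumed from a known digest, which is the entire attack. The secret, the URL and the appended parameter are constructed placeholders. The hardened signer is HMAC, whose nested construction hides the chaining value and is therefore not extensible.

```python
import hashlib
import hmac
import math
import struct

# Per-round rotation amounts and sine-derived constants from the MD5 specification (RFC 1321).
_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
_K = [int(abs(math.sin(i + 1)) * 2 ** 32) & 0xFFFFFFFF for i in range(64)]
_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def _compress(state, block):
    """One MD5 compression: fold a 64-byte block into the four 32-bit chaining words."""
    a, b, c, d = state
    m = struct.unpack("<16I", block)
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + _K[i] + m[g]) & 0xFFFFFFFF
        a, d, c, b = d, c, b, (b + _rotl(f, _S[i])) & 0xFFFFFFFF
    return tuple((x + y) & 0xFFFFFFFF for x, y in zip(state, (a, b, c, d)))


def md_padding(message_len):
    """Merkle-Damgard padding for a message_len-byte message: 0x80, zeros, 64-bit bit length."""
    return b"\x80" + b"\x00" * ((55 - message_len) % 64) + struct.pack("<Q", (message_len * 8) & 0xFFFFFFFFFFFFFFFF)


def md5(data, state=_IV, prior_len=0):
    """MD5 of data. With state/prior_len the hash resumes from a chaining value that has already
    absorbed prior_len bytes (a multiple of 64), which is exactly what a bare digest leaks."""
    data += md_padding(prior_len + len(data))
    for off in range(0, len(data), 64):
        state = _compress(state, data[off:off + 64])
    return struct.pack("<4I", *state)


def matches_stdlib(data):
    """Cross-check the from-scratch MD5 against hashlib."""
    return md5(data) == hashlib.md5(data).digest()


def length_extend(known_tag, secret_len, original, extension):
    """From tag = MD5(secret || original) and len(secret) alone, produce a suffix and a tag such that
    tag' == MD5(secret || original || glue || extension). The secret itself is never needed."""
    glue = md_padding(secret_len + len(original))       # the padding the server's own hash applied
    state = struct.unpack("<4I", known_tag)               # the leaked chaining value
    absorbed = secret_len + len(original) + len(glue)     # bytes already hashed; a multiple of 64
    return original + glue + extension, md5(extension, state=state, prior_len=absorbed)


def sign_naive(secret, url):
    """Vulnerable: a bare prefix-keyed hash, extensible by construction."""
    return md5(secret + url)


def sign_hmac(secret, url):
    """Hardened: HMAC hides the inner chaining value, so the tag cannot be extended."""
    return hmac.new(secret, url, hashlib.md5).digest()


def verify(sign, secret, url, tag):
    return hmac.compare_digest(sign(secret, url), tag)


def demo():
    """Returns (naive verifier accepts the forgery, HMAC verifier accepts the forgery)."""
    secret = b"constructed-server-secret"              # assumption: server-side key, unknown to the attacker
    url = b"/download?file=report.pdf&user=alice"    # constructed signed URL the attacker has observed
    extension = b"&user=admin"                         # data the attacker appends
    results = []
    for sign in (sign_naive, sign_hmac):
        tag = sign(secret, url)
        forged_url, forged_tag = length_extend(tag, len(secret), url, extension)
        results.append(verify(sign, secret, forged_url, forged_tag))
    return tuple(results)
```

demo() returns (True, False): the naive verifier accepts the forged URL, the HMAC verifier rejects it. The attacker does not need the exact secret length; trying each plausible length and submitting the resulting URL until the server accepts one is the usual approach. The glue bytes embedded in the forged URL are why signed-URL schemes on top of a raw hash are so often exploitable in practice: query-string parsers tolerate them. matches_stdlib confirms that the from-scratch MD5 agrees with hashlib, so the forged digests are the real thing.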
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
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966. | 2021-07-09 | not yet calculated | CVE-2021-29712 CONFIRM XF
ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965. | 2021-07-08 | not yet calculated | CVE-2021-29711 CONFIRM XF
iobit -- advanced_systemcare_ultimate | A privilege escalation vulnerability exists in the way the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability. | 2021-07-07 | not yet calculated | (CVE ID illegible) MISC
iobit -- advanced_systemcare_ultimate | A privilege escalation vulnerability exists in the way the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. | 2021-07-07 | not yet calculated | CVE-2021-21787 MISC
iobit -- advanced_systemcare_ultimate | A privilege escalation vulnerability exists in the way the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability. | 2021-07-07 | not yet calculated | (CVE ID illegible) MISC
iobit -- advanced_systemcare_ultimate | A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | 2021-07-07 | not yet calculated | CVE-2021-21786 MISC
kaseya -- vsa | Local file inclusion exists in Kaseya VSA before 9.5.6. | 2021-07-09 | not yet calculated | CVE-2021-30121 MISC
kaseya -- vsa | Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. | 2021-07-09 | not yet calculated | CVE-2021-30119 MISC
kaseya -- vsa | Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requirement. | 2021-07-09 | not yet calculated | CVE-2021-30120 MISC
kaseya -- vsa | SQL injection exists in Kaseya VSA before 9.5.6. | 2021-07-09 | not yet calculated | CVE-2021-30117 MISC
kaseya -- vsa | Kaseya VSA before 9.5.5 allows remote code execution. | 2021-07-09 | not yet calculated | (CVE ID illegible) MISC
kaseya -- vsa | An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. | 2021-07-09 | not yet calculated | CVE-2021-30201 MISC
keycloak -- keycloak | A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where the authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly, which could lead to a DoS attack. | (date illegible) | not yet calculated | CVE-2021-3637 MISC
lavalite-cms -- lavalite-cms | Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. | 2021-07-07 | not yet calculated | CVE-2020-23700 MISC
libxml2 -- libxml2 | A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service. | 2021-07-09 | not yet calculated | CVE-2021-3541 MISC
linux -- linux_kernel | An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-07-09 | not yet calculated | CVE-2021-3612 MISC MISC
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crafted AMF file can lead to code execution. An attacker can 
provide a malicious file to trigger this vulnerability. 
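The Fork CMS entry above (CVE-2021-28931: a crafted zip uploaded through the Themes panel creates or replaces arbitrary files) is one instance of a general problem, extracting an untrusted archive into a directory the web server executes or serves from. The validator below is an added example and is not Fork CMS code; it goes beyond the entry by also rejecting path traversal, symbolic links and oversized archives, since an archive that can place arbitrary files usually exposes all of these. The allowed extension list, entry limit and size limit are assumptions made for a theme directory, not values taken from the bulletin, and the two sample archives are constructed in memory for the demonstration.

```python
import io
import posixpath
import stat
import zipfile

# Assumptions for a theme directory, not values from the Fork CMS advisory.
ALLOWED_EXTENSIONS = {".html", ".twig", ".css", ".js", ".json", ".png", ".jpg", ".svg", ".woff2"}
MAX_ENTRIES = 500
MAX_TOTAL_UNCOMPRESSED = 20 * 1024 * 1024


def find_zip_problems(zip_bytes, dest_root="/themes"):
    """Return the reasons this archive must not be extracted into dest_root; [] means it passed.
    Every entry is judged on its name and metadata before a single byte is written to disk."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile as exc:
        return [f"not a zip archive: {exc}"]
    problems = []
    infos = zf.infolist()
    if len(infos) > MAX_ENTRIES:
        problems.append(f"too many entries ({len(infos)} > {MAX_ENTRIES})")
    total = 0
    for info in infos:
        name = info.filename
        total += info.file_size
        # Traversal and absolute paths: normalise with POSIX rules (zip names use '/', but treat
        # '\\' the same because some archivers emit it) and reject anything that escapes dest_root.
        norm = posixpath.normpath(name.replace("\\", "/"))
        if norm.startswith("/") or norm == ".." or norm.startswith("../"):
            problems.append(f"{name!r}: path escapes {dest_root}")
            continue
        # Unix-created archives keep the file mode in the high 16 bits of external_attr; a symlink
        # dropped into the theme tree can later point at any file on the host.
        if stat.S_ISLNK((info.external_attr >> 16) & 0xFFFF):
            problems.append(f"{name!r}: symbolic link")
            continue
        if info.is_dir():
            continue
        ext = posixpath.splitext(norm)[1].lower()
        if ext not in ALLOWED_EXTENSIONS:
            problems.append(f"{name!r}: file type {ext or '(none)'} is not a theme asset")
    if total > MAX_TOTAL_UNCOMPRESSED:
        problems.append(f"uncompressed size {total} exceeds {MAX_TOTAL_UNCOMPRESSED}")
    return problems


def build_sample_archives():
    """Constructed inputs: a clean theme, and a crafted one that adds a traversal entry, a
    server-side script and a symbolic link next to a legitimate-looking page."""
    clean = io.BytesIO()
    with zipfile.ZipFile(clean, "w") as zf:
        zf.writestr("mytheme/index.html", "<h1>theme</h1>")
        zf.writestr("mytheme/style.css", "h1 { color: black }")
    crafted = io.BytesIO()
    with zipfile.ZipFile(crafted, "w") as zf:
        zf.writestr("mytheme/index.html", "<h1>theme</h1>")
        zf.writestr("../../outside-of-themes.txt", "# would land outside the theme directory")
        zf.writestr("mytheme/helper.php", "<?php echo 'not a theme asset'; ?>")
        link = zipfile.ZipInfo("mytheme/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16   # mark the entry as a symlink
        zf.writestr(link, "/etc/passwd")                     # a symlink's target is stored as its data
    return clean.getvalue(), crafted.getvalue()
```

The check is deliberately all-or-nothing: one bad entry rejects the whole upload rather than extracting the good ones, because a partially extracted theme is harder to reason about than none. Extension allow-listing matters even without traversal, since a file that is merely *inside* /themes is still executed if the server maps .php there, which is exactly what "create or replace arbitrary files in the /themes directory" enables.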

















linux -- linux_kernel | kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. | 2021-07-07 | not yet calculated | CVE-2021-35039 MISC CONFIRM CONFIRM MLIST
linuxptp -- linuxptp | A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. | 2021-07-09 | not yet calculated | CVE-2021-3570 MISC
linuxptp -- linuxptp | A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. | 2021-07-09 | not yet calculated | (CVE ID illegible)
ljcms -- ljcms | A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information. | 2021-07-08 | not yet calculated | (CVE ID illegible)
metinfo -- metinfo | A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information. | 2021-07-08 | not yet calculated | (CVE ID illegible) MISC MISC
mikrotik -- routeros | MikroTik RouterOS before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. | (date illegible) | not yet calculated | (CVE ID illegible) MISC
mipcms -- mipcms | A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. | 2021-07-08 | not yet calculated | (CVE ID illegible)
mozilocms -- mozilocms | A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. | 2021-07-09 | not yet calculated | CVE-2020-25394 MISC
octopus -- server | When configuring Octopus Server, if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | 2021-07-08 | not yet calculated | (CVE ID illegible)
Vendor -- Product: octopus -- server
Description: When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Published: 2021-07-08

Vendor -- Product: panasonic -- fpwin_pro
Description: Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software.
Published: 2021-07-09

Vendor -- Product: pbootcms -- pbootcms
Description: Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-20363, MISC, MISC, MISC

Vendor -- Product: pbootcms -- pbootcms
Description: Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-22535, MISC

Vendor -- Product: pbootcms -- pbootcms
Description: Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-23580, MISC

Vendor -- Product: php-fusion -- php-fusion
Description: Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
Published: 2021-07-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-23702, MISC, MISC

Vendor -- Product: pimcore -- pimcore
Description: This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of a check on the storeId parameter in the method collectionsActionGet and the groupsActionGet method within the ClassificationstoreController class.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-23405, MISC, MISC

Vendor -- Product: prusa_research -- prusaslicer
Description: An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially
Published: 2021-07-08
CVSS Score: not yet calculated

Vendor -- Product: publiccms -- publiccms
Description: Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-21333, MISC

Vendor -- Product: putty -- putty
Description: PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36367, MISC, MISC

Vendor -- Product: qnap -- hbs_3
Description: An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system. QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later; QTS 4.3.4: HBS 3 v3.0.210506 and later; QTS 4.3.3: HBS 3 v3.0.210506 and later.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-28809, MISC, MISC

Vendor -- Product: realtek -- had
Description: Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user's mode. Due to unexpected commands, the kernel driver will cause the system crashed. A vulnerability in COMPONENT of Realtek HDA driver allows ATTACKER/ATTACK to cause IMPACT. This issue affects: Realtek HDA driver 8155 version 9150 and prior versions.
Published: 2021-07-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-32537, CONFIRM

Vendor -- Product: rockwell_automation -- micrologix_1100
Description: Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-33012, MISC

Vendor -- Product: ruby -- ruby
Description: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.
Published: 2021-07-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-32740, CONFIRM, MISC

Vendor -- Product: rukovoditel -- rukovoditel
Description: A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35987, MISC

Vendor -- Product: rukovoditel -- rukovoditel
Description: A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35985, MISC

Vendor -- Product: rukovoditel -- rukovoditel
Description: A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35986, MISC

Vendor -- Product: rukovoditel -- rukovoditel
Description: A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35984, MISC

Vendor -- Product: rust -- hyper
Description: hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in "request smuggling" or "desync attacks." The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers.
Published: 2021-07-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-32714, CONFIRM

Vendor -- Product: rust -- hyper
Description: hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such `Content-Length` headers, but forwards them, can result in "request smuggling" or "desync attacks". The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix.
Published: 2021-07-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-32715, MISC, CONFIRM

Vendor -- Product: samsung -- bluetooth
Description: Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25429, MISC

Vendor -- Product: samsung -- bluetooth
Description: SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information.
Published: 2021-07-08

Vendor -- Product: samsung -- bluetooth
Description: Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25430, MISC

Vendor -- Product: samsung -- cameralyzer
Description: Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25431, MISC

Vendor -- Product: samsung -- factorycamerafb
Description: Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25440, MISC

Vendor -- Product: samsung -- knox_manage
Description: Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
Published: 2021-07-08

Vendor -- Product: samsung -- members
Description: Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25432, MISC

Vendor -- Product: samsung -- members
Description: Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25439, MISC

Vendor -- Product: samsung -- members
Description: Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25438, MISC

Vendor -- Product: samsung -- message
Description: Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.
Published: 2021-07-08

Vendor -- Product: samsung -- packagemanager
Description: Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25428, MISC

Vendor -- Product: samsung -- tizen
Description: Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol.
Published: 2021-07-08

Vendor -- Product: samsung -- tizen
Description: Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25437, MISC

Vendor -- Product: samsung -- tizen
Description: Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25435, MISC

Vendor -- Product: samsung -- tizen
Description: Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-25434, MISC

Vendor -- Product: samsung -- tizen
Description: Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.
Published: 2021-07-08

Vendor -- Product: smartertools -- smartermail
Description: SmarterTools SmarterMail before Build 7776 allows XSS.
Published: 2021-07-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-32233, MISC

7/12/2021 Vulnerability Summary for the Week of July 5, 2021
Vendor -- Product: sonicwall -- switch
Description: Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-20024, CONFIRM

Vendor -- Product: suse -- security_incidents
Description: golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-2666, MISC, MISC, MISC, MISC

Vendor -- Product: suse -- security_incidents
Description: Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a "ping .local" command.
Published: 2021-07-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36217, MISC, MISC

Vendor -- Product: swift -- swift
Description: LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36155, MISC, MISC, MISC

Vendor -- Product: swift -- swift
Description: Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: MISC

Vendor -- Product: swift -- swift
Description: HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36154, MISC, MISC, MISC

Vendor -- Product: thinksaas -- thinksaas
Description: Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-18741, MISC

Vendor -- Product: trend_micro -- password_manager
Description: Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-32462, MISC, MISC

Vendor -- Product: trend_micro -- password_manager
Description: Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-32461, MISC, MISC

Description: It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2012-1102, MISC, MISC

Vendor -- Product: vapor -- vapor
Description: Vapor is a web framework for Swift. In versions 4.47.1 and prior, a bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impacts applications that use the impacted function directly or through other dependencies. The vulnerability is patched in version 4.47.2. As a workaround, one may use an alternative to Vapor's built-in `Data.init(base32Encoded:)`.
Published: 2021-07-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-32742, CONFIRM, MISC

Description: A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
Published: 2021-07-08

Vendor -- Product: webkitgtk -- webkitgtk
Description: browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-21806, MISC

Vendor -- Product: winwaste.net -- winwaste.net
Description: WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34110, MISC, MISC, MISC, MISC, MISC

Vendor -- Product: wordpress -- wordpress
Description: Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.
Published: 2021-07-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-24146, MISC, MISC

Vendor -- Product: wordpress -- wordpress
Description: Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.
Published: 2021-07-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-24147, MISC, MISC

Vendor -- Product: wordpress -- wordpress
Description: Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page.
Published: 2021-07-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-24149, MISC, MISC

Vendor -- Product: xyhcms -- xyhcms
Description: A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
Published: 2021-07-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-20586, MISC, MISC, MISC
